CVE-2006-1731

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2006-1731
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2006-1731.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2006-1731
Downstream
Withdrawn
2026-01-27T04:06:31.858835Z
Published
2006-04-14T10:02:00Z
Modified
2026-01-27T04:06:31.858835Z
Summary
[none]
Details

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

References

Affected packages